We received the file BSEARCH.EXE and determined that it is unwanted software.
BSEARCH.EXE is adware and should be removed.
Kill the BSEARCH.EXE process and remove BSEARCH.EXE from Windows.
Malware Analysis of BSEARCH.EXE
Full path on a computer: %Program Files%\barosearch\bsearch.exe
Detected by UnHackMe:
BSEARCH.EXE
Default location: %Program Files%\barosearch\bsearch.exe
Removal Results: Success
Number of reboots: 1
BSEARCH.EXE is known as:
Adware.KorAd, ApplicUnwnt.AdWare.Agent.~A, Adware.Agent.aolp, PUP.BaroSearch, a variant of Win32.Adware.Kraddare.GO, Trojan.Agent, unknown virus Win32.DH{QS4DDwE}
BSEARCH.EXE hash:
- MD5: 2bcbce4976200ffc9ba32f17d88ef3a5
The file tries to download information from some web sites.
How to quickly detect the presence of BSEARCH.EXE?
Registry:
- HKLM\Software\Classes\CLSID\{36936EFC-0B55-4DF4-A01D-69CD27B4309E}\InprocServer32\: “C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\newtab\newtab32.dll”
- HKLM\Software\Classes\CLSID\{7CCA4EA6-CA02-4789-9419-34E85C7AC2DC}\InprocServer32\: “C:\PROGRA~1\WISELO~1\juso.dll”
- HKLM\System\CurrentControlSet\Services\BCSvc\Type: 0x00000110
- HKLM\System\CurrentControlSet\Services\BCSvc\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\BCSvc\ErrorControl: 0x00000001
- HKLM\System\CurrentControlSet\Services\BCSvc\ImagePath: “%Program Files%\barosearch\bsearchsvc.exe”
- HKLM\System\CurrentControlSet\Services\BCSvc\DisplayName: “BSearch Service”
- HKLM\System\CurrentControlSet\Services\BCSvc\ObjectName: “LocalSystem”
- HKLM\System\CurrentControlSet\Services\BCSvc\Description: “The Service in Windows.”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WiseLook Application: “%Program Files%\WiseLook Application\WiseLook.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BSearch: “%Program Files%\barosearch\bsearch.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\newtab: “%Local Appdata%\newtab\newtab.exe”
Folders:
- %Local Appdata%\newtab
- %Program Files%\barosearch
- %Program Files%\newtab
- %Program Files%\WiseLook Application
Files:
- %Favorites%\CJmall.url
- %Favorites%\GS SHOP.url
- %Favorites%\Hmall.url
- %Local Appdata%\barosearchinstall.exe
- %Local Appdata%\newtab\newtab.exe
- %Local Appdata%\newtab\newtab32.dll
- %Local Appdata%\newtab\newtab64.dll
- %Local Appdata%\newtab\newtabdel.exe
- %Local Appdata%\newtab\newtabin.exe
- %Local Appdata%\wiselook.exe
- %Program Files%\barosearch\11st.ico
- %Program Files%\barosearch\auction.ico
- %Program Files%\barosearch\bsearch.exe
- %Program Files%\barosearch\bsearchsvc.exe
- %Program Files%\barosearch\cjmall.ico
- %Program Files%\barosearch\cybermall.ico
- %Program Files%\barosearch\dnshop.ico
- %Program Files%\barosearch\emart.ico
- %Program Files%\barosearch\faple.ico
- %Program Files%\barosearch\gmarket.ico
- %Program Files%\barosearch\gseshop.ico
- %Program Files%\barosearch\halfclub.ico
- %Program Files%\barosearch\hmall.ico
- %Program Files%\barosearch\istore1.ico
- %Program Files%\barosearch\lotte01.ico
- %Program Files%\barosearch\lotteimall.ico
- %Program Files%\barosearch\mutnam01.ico
- %Program Files%\barosearch\nseshop.ico
- %Program Files%\barosearch\player.ico
- %Program Files%\barosearch\samsungmall.ico
- %Program Files%\newtab\r.exe
- %Program Files%\WiseLook Application\juso.dll
- %Program Files%\WiseLook Application\WiseLook.exe